<?php
require_once("../inc/constants.inc.php");
require_once("../inc/connection.php");
// define variables and set to empty values

if(isset($_POST['register']))
	{
		$url="../index.php";
		header("Refresh:0;URL=$url");
		exit(0);
	}


if ($_SERVER["REQUEST_METHOD"] == "POST")
{
	//$con = mysql_connect(DB_HOST,DB_USERNAME,DB_PASSWORD) or error(mysql_error());
	//mysql_select_db(DB_NAME,$con) or error(mysql_error());
		
	$email = fiter_input($_POST["email"]);
	$password = md5(mysql_real_escape_string($_POST["password"]));
	
	// check login
	
	$sql="SELECT * FROM login_details WHERE UserEmail='$email' and UserPassword='$password'";
	$result=mysql_query($sql);
	$row = mysql_fetch_array($result);
	if(!empty($row) && !empty($row['UserEmail']))
	{
		session_start();
		$user_role = $row['UserRole'];
		$_SESSION['email'] = $email;
		$_SESSION['login'] = true;
		$_SESSION['name'] = $row['UserName'];
		$_SESSION['userID'] = $row['userID'];
		if($user_role == 2)
		{
			$_SESSION['user_role'] = '2';
			header("Location: ../test.php");
		}
		if($user_role == 1)
		{
			$_SESSION['user_role'] = '1';
			header("Location: ../dashboard.php");
		}
	
	}else
	{
		$error = "incorrect email/password";
		header("Location: ../login.php?error=1");
	}
}

function error($error_string,$file="",$line="")
{
	echo $error_string;
	echo $line;
	exit();
}
function fiter_input($data)
{
     $data = trim(mysql_real_escape_string($data));
     $data = htmlspecialchars($data);
     return $data;
}
?>